Filtered by vendor Nullsoft
Subscribe
Total
76 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1177 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag. | |||||
| CVE-1999-1561 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 7.2 HIGH | N/A |
| Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server. | |||||
| CVE-2001-0490 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file. | |||||
| CVE-2000-0049 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file. | |||||
| CVE-2004-1896 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. | |||||
| CVE-2003-1273 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 2.1 LOW | N/A |
| Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters. | |||||
| CVE-2002-2195 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response. | |||||
| CVE-2006-0720 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | |||||
| CVE-2003-0765 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A |
| The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. | |||||
| CVE-2006-3007 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ. | |||||
| CVE-2002-0907 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-". | |||||
| CVE-2004-1373 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file. | |||||
| CVE-2001-1304 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header. | |||||
| CVE-2002-2392 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 6.4 MEDIUM | N/A |
| Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. | |||||
| CVE-2005-3188 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.6 HIGH | N/A |
| Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. | |||||
| CVE-2006-0476 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.6 HIGH | N/A |
| Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | |||||
| CVE-2006-3534 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". | |||||
| CVE-2002-0547 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag. | |||||
| CVE-2002-1524 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. | |||||
| CVE-2004-1150 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | |||||